Home | History | Annotate | Download | only in keymaster
      1 /*
      2  * Copyright (C) 2014 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #include <errno.h>
     18 #include <stdio.h>
     19 #include <time.h>
     20 
     21 #include <keymaster/android_keymaster.h>
     22 #include <keymaster/authorization_set.h>
     23 #include <keymaster/keymaster_enforcement.h>
     24 
     25 #include "android_keymaster_test_utils.h"
     26 
     27 namespace keymaster {
     28 namespace test {
     29 
     30 class TestKeymasterEnforcement : public KeymasterEnforcement {
     31   public:
     32     TestKeymasterEnforcement()
     33         : KeymasterEnforcement(3, 3), current_time_(10000), report_token_valid_(true) {}
     34 
     35     keymaster_error_t AuthorizeOperation(const keymaster_purpose_t purpose, const km_id_t keyid,
     36                                          const AuthorizationSet& auth_set) {
     37         AuthorizationSet empty_set;
     38         return KeymasterEnforcement::AuthorizeOperation(
     39             purpose, keyid, auth_set, empty_set, 0 /* op_handle */, true /* is_begin_operation */);
     40     }
     41     using KeymasterEnforcement::AuthorizeOperation;
     42 
     43     uint32_t get_current_time() const override { return current_time_; }
     44     bool activation_date_valid(uint64_t activation_date) const override {
     45         // Convert java date to time_t, non-portably.
     46         time_t activation_time = activation_date / 1000;
     47         return difftime(time(NULL), activation_time) >= 0;
     48     }
     49     bool expiration_date_passed(uint64_t expiration_date) const override {
     50         // Convert jave date to time_t, non-portably.
     51         time_t expiration_time = expiration_date / 1000;
     52         return difftime(time(NULL), expiration_time) > 0;
     53     }
     54     bool auth_token_timed_out(const hw_auth_token_t& token, uint32_t timeout) const {
     55         return current_time_ > ntoh(token.timestamp) + timeout;
     56     }
     57     bool ValidateTokenSignature(const hw_auth_token_t&) const override {
     58         return report_token_valid_;
     59     }
     60 
     61     void tick(unsigned seconds = 1) { current_time_ += seconds; }
     62     uint32_t current_time() { return current_time_; }
     63     void set_report_token_valid(bool report_token_valid) {
     64         report_token_valid_ = report_token_valid;
     65     }
     66 
     67   private:
     68     uint32_t current_time_;
     69     bool report_token_valid_;
     70 };
     71 
     72 class KeymasterBaseTest : public ::testing::Test {
     73   protected:
     74     KeymasterBaseTest() {
     75         past_time = 0;
     76 
     77         time_t t = time(NULL);
     78         future_tm = localtime(&t);
     79         future_tm->tm_year += 1;
     80         future_time = static_cast<uint64_t>(mktime(future_tm)) * 1000;
     81         sign_param = Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
     82     }
     83     virtual ~KeymasterBaseTest() {}
     84 
     85     TestKeymasterEnforcement kmen;
     86 
     87     tm past_tm;
     88     tm* future_tm;
     89     uint64_t past_time;
     90     uint64_t future_time;
     91     static const km_id_t key_id = 0xa;
     92     static const uid_t uid = 0xf;
     93     keymaster_key_param_t sign_param;
     94 };
     95 
     96 TEST_F(KeymasterBaseTest, TestValidKeyPeriodNoTags) {
     97     keymaster_key_param_t params[] = {
     98         sign_param,
     99     };
    100     AuthorizationSet single_auth_set(params, array_length(params));
    101 
    102     keymaster_error_t kmer = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, single_auth_set);
    103     ASSERT_EQ(KM_ERROR_OK, kmer);
    104 }
    105 
    106 TEST_F(KeymasterBaseTest, TestInvalidActiveTime) {
    107     keymaster_key_param_t params[] = {
    108         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    109         Authorization(TAG_NO_AUTH_REQUIRED), Authorization(TAG_ACTIVE_DATETIME, future_time),
    110     };
    111 
    112     AuthorizationSet auth_set(params, array_length(params));
    113 
    114     ASSERT_EQ(KM_ERROR_KEY_NOT_YET_VALID,
    115               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    116 
    117     // Pubkey ops allowed.
    118     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    119 }
    120 
    121 TEST_F(KeymasterBaseTest, TestValidActiveTime) {
    122     keymaster_key_param_t params[] = {
    123         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ACTIVE_DATETIME, past_time),
    124     };
    125 
    126     AuthorizationSet auth_set(params, array_length(params));
    127 
    128     keymaster_error_t kmer_valid_time = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    129     ASSERT_EQ(KM_ERROR_OK, kmer_valid_time);
    130 }
    131 
    132 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTime) {
    133     keymaster_key_param_t params[] = {
    134         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    135         Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
    136     };
    137 
    138     AuthorizationSet auth_set(params, array_length(params));
    139 
    140     ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    141 
    142     // Pubkey ops allowed.
    143     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    144 }
    145 
    146 TEST_F(KeymasterBaseTest, TestInvalidOriginationExpireTimeOnUsgae) {
    147     keymaster_key_param_t params[] = {
    148         Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    149         Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, past_time),
    150     };
    151 
    152     AuthorizationSet auth_set(params, array_length(params));
    153 
    154     keymaster_error_t kmer_invalid_origination =
    155         kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
    156     ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
    157 }
    158 
    159 TEST_F(KeymasterBaseTest, TestValidOriginationExpireTime) {
    160     keymaster_key_param_t params[] = {
    161         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    162         Authorization(TAG_ORIGINATION_EXPIRE_DATETIME, future_time),
    163     };
    164 
    165     AuthorizationSet auth_set(params, array_length(params));
    166 
    167     keymaster_error_t kmer_valid_origination =
    168         kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    169     ASSERT_EQ(KM_ERROR_OK, kmer_valid_origination);
    170 }
    171 
    172 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTime) {
    173     keymaster_key_param_t params[] = {
    174         Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
    175         Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    176         Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
    177     };
    178 
    179     AuthorizationSet auth_set(params, array_length(params));
    180 
    181     keymaster_error_t kmer_invalid_origination =
    182         kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
    183     ASSERT_EQ(KM_ERROR_KEY_EXPIRED, kmer_invalid_origination);
    184 }
    185 
    186 TEST_F(KeymasterBaseTest, TestInvalidPubkeyUsageExpireTime) {
    187     keymaster_key_param_t params[] = {
    188         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
    189         Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    190         Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
    191     };
    192 
    193     AuthorizationSet auth_set(params, array_length(params));
    194 
    195     keymaster_error_t kmer_invalid_origination =
    196         kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
    197     // Pubkey ops allowed.
    198     ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
    199 }
    200 
    201 TEST_F(KeymasterBaseTest, TestInvalidUsageExpireTimeOnOrigination) {
    202     keymaster_key_param_t params[] = {
    203         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    204         Authorization(TAG_USAGE_EXPIRE_DATETIME, past_time),
    205     };
    206 
    207     AuthorizationSet auth_set(params, array_length(params));
    208 
    209     keymaster_error_t kmer_invalid_origination =
    210         kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    211     ASSERT_EQ(KM_ERROR_OK, kmer_invalid_origination);
    212 }
    213 
    214 TEST_F(KeymasterBaseTest, TestValidUsageExpireTime) {
    215     keymaster_key_param_t params[] = {
    216         Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    217         Authorization(TAG_USAGE_EXPIRE_DATETIME, future_time),
    218     };
    219 
    220     AuthorizationSet auth_set(params, array_length(params));
    221 
    222     keymaster_error_t kmer_valid_usage =
    223         kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
    224     ASSERT_EQ(KM_ERROR_OK, kmer_valid_usage);
    225 }
    226 
    227 TEST_F(KeymasterBaseTest, TestValidSingleUseAccesses) {
    228     keymaster_key_param_t params[] = {
    229         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    230     };
    231 
    232     AuthorizationSet auth_set(params, array_length(params));
    233 
    234     keymaster_error_t kmer1 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    235     keymaster_error_t kmer2 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    236 
    237     ASSERT_EQ(KM_ERROR_OK, kmer1);
    238     ASSERT_EQ(KM_ERROR_OK, kmer2);
    239 }
    240 
    241 TEST_F(KeymasterBaseTest, TestInvalidMaxOps) {
    242     keymaster_key_param_t params[] = {
    243         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
    244         Authorization(TAG_MAX_USES_PER_BOOT, 4),
    245     };
    246 
    247     AuthorizationSet auth_set(params, array_length(params));
    248 
    249     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    250     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    251     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    252     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    253     ASSERT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
    254               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    255     // Pubkey ops allowed.
    256     ASSERT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    257 }
    258 
    259 TEST_F(KeymasterBaseTest, TestOverFlowMaxOpsTable) {
    260     keymaster_key_param_t params[] = {
    261         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    262         Authorization(TAG_MAX_USES_PER_BOOT, 2),
    263     };
    264 
    265     AuthorizationSet auth_set(params, array_length(params));
    266 
    267     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
    268 
    269     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 2 /* key_id */, auth_set));
    270 
    271     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 3 /* key_id */, auth_set));
    272 
    273     // Key 4 should fail, because table is full.
    274     EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
    275               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, auth_set));
    276 
    277     // Key 1 still works, because it's already in the table and hasn't reached max.
    278     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
    279 
    280     // Key 1 no longer works, because it's reached max.
    281     EXPECT_EQ(KM_ERROR_KEY_MAX_OPS_EXCEEDED,
    282               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
    283 
    284     // Key 4 should fail, because table is (still and forever) full.
    285     EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
    286               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 4 /* key_id */, auth_set));
    287 
    288     // Pubkey ops allowed.
    289     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    290     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
    291 }
    292 
    293 TEST_F(KeymasterBaseTest, TestInvalidTimeBetweenOps) {
    294     keymaster_key_param_t params[] = {
    295         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    296         Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 10),
    297     };
    298 
    299     AuthorizationSet auth_set(params, array_length(params));
    300 
    301     keymaster_error_t kmer1 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    302     keymaster_error_t kmer2 = kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set);
    303     keymaster_error_t kmer3 = kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set);
    304 
    305     ASSERT_EQ(KM_ERROR_OK, kmer1);
    306     kmen.tick(2);
    307     ASSERT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED, kmer2);
    308 
    309     // Allowed because it's a pubkey op.
    310     ASSERT_EQ(KM_ERROR_OK, kmer3);
    311 }
    312 
    313 TEST_F(KeymasterBaseTest, TestValidTimeBetweenOps) {
    314     keymaster_key_param_t params[] = {
    315         Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    316         Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 2),
    317     };
    318 
    319     AuthorizationSet auth_set(params, array_length(params));
    320 
    321     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    322     kmen.tick();
    323     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    324               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    325     kmen.tick();
    326     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    327 }
    328 
    329 TEST_F(KeymasterBaseTest, TestOptTimeoutTableOverflow) {
    330     keymaster_key_param_t params[] = {
    331         Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
    332         Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4),
    333         Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
    334     };
    335 
    336     AuthorizationSet auth_set(params, array_length(params));
    337 
    338     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    339 
    340     kmen.tick();
    341 
    342     // Key 1 fails because it's too soon
    343     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    344               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    345 
    346     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    347 
    348     kmen.tick();
    349 
    350     // Key 1 fails because it's too soon
    351     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    352               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    353     // Key 2 fails because it's too soon
    354     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    355               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    356 
    357     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
    358 
    359     kmen.tick();
    360 
    361     // Key 1 fails because it's too soon
    362     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    363               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    364     // Key 2 fails because it's too soon
    365     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    366               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    367     // Key 3 fails because it's too soon
    368     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    369               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
    370     // Key 4 fails because the table is full
    371     EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
    372               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
    373 
    374     kmen.tick();
    375 
    376     // Key 4 succeeds because key 1 expired.
    377     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
    378 
    379     // Key 1 fails because the table is full... and key 1 is no longer in it.
    380     EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
    381               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    382     // Key 2 fails because it's too soon
    383     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    384               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    385     // Key 3 fails because it's too soon
    386     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    387               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
    388 
    389     kmen.tick();
    390 
    391     // Key 1 succeeds because key 2 expired
    392     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    393     // Key 2 fails because the table is full... and key 2 is no longer in it.
    394     EXPECT_EQ(KM_ERROR_TOO_MANY_OPERATIONS,
    395               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    396     // Key 3 fails because it's too soon
    397     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    398               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
    399     // Key 4 fails because it's too soon
    400     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    401               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 4 /* key_id */, auth_set));
    402 
    403     kmen.tick(4);
    404 
    405     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    406     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 2 /* key_id */, auth_set));
    407     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 3 /* key_id */, auth_set));
    408 }
    409 
    410 TEST_F(KeymasterBaseTest, TestPubkeyOptTimeoutTableOverflow) {
    411     keymaster_key_param_t params[] = {
    412         Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA),
    413         Authorization(TAG_MIN_SECONDS_BETWEEN_OPS, 4), Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
    414     };
    415 
    416     AuthorizationSet auth_set(params, array_length(params));
    417 
    418     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
    419 
    420     kmen.tick();
    421 
    422     // Key 1 fails because it's too soon
    423     EXPECT_EQ(KM_ERROR_KEY_RATE_LIMIT_EXCEEDED,
    424               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, 1 /* key_id */, auth_set));
    425     // Too soo, but pubkey ops allowed.
    426     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, 1 /* key_id */, auth_set));
    427 }
    428 
    429 TEST_F(KeymasterBaseTest, TestInvalidPurpose) {
    430     keymaster_purpose_t invalidPurpose1 = static_cast<keymaster_purpose_t>(-1);
    431     keymaster_purpose_t invalidPurpose2 = static_cast<keymaster_purpose_t>(4);
    432 
    433     AuthorizationSet auth_set(
    434         AuthorizationSetBuilder().Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY));
    435 
    436     EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
    437               kmen.AuthorizeOperation(invalidPurpose1, key_id, auth_set));
    438     EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
    439               kmen.AuthorizeOperation(invalidPurpose2, key_id, auth_set));
    440 }
    441 
    442 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeSymmetricKey) {
    443     AuthorizationSet auth_set(AuthorizationSetBuilder()
    444                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
    445                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
    446                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    447 
    448     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    449     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    450 
    451     EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
    452               kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, auth_set));
    453     EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
    454               kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, auth_set));
    455 }
    456 
    457 TEST_F(KeymasterBaseTest, TestIncompatiblePurposeAssymmetricKey) {
    458     AuthorizationSet auth_set(AuthorizationSetBuilder()
    459                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    460                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY)
    461                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    462 
    463     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    464     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    465 
    466     // This one is allowed because it's a pubkey op.
    467     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, auth_set));
    468     EXPECT_EQ(KM_ERROR_INCOMPATIBLE_PURPOSE,
    469               kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, auth_set));
    470 }
    471 
    472 TEST_F(KeymasterBaseTest, TestInvalidCallerNonce) {
    473     AuthorizationSet no_caller_nonce(AuthorizationSetBuilder()
    474                                          .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
    475                                          .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
    476                                          .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES));
    477     AuthorizationSet caller_nonce(AuthorizationSetBuilder()
    478                                       .Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT)
    479                                       .Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT)
    480                                       .Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC)
    481                                       .Authorization(TAG_CALLER_NONCE));
    482     AuthorizationSet begin_params(AuthorizationSetBuilder().Authorization(TAG_NONCE, "foo", 3));
    483 
    484     EXPECT_EQ(KM_ERROR_OK,
    485               kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, caller_nonce, begin_params,
    486                                       0 /* challenge */, true /* is_begin_operation */));
    487     EXPECT_EQ(KM_ERROR_OK,
    488               kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, caller_nonce, begin_params,
    489                                       0 /* challenge */, true /* is_begin_operation */));
    490     EXPECT_EQ(KM_ERROR_CALLER_NONCE_PROHIBITED,
    491               kmen.AuthorizeOperation(KM_PURPOSE_ENCRYPT, key_id, no_caller_nonce, begin_params,
    492                                       0 /* challenge */, true /* is_begin_operation */));
    493     EXPECT_EQ(KM_ERROR_OK,
    494               kmen.AuthorizeOperation(KM_PURPOSE_DECRYPT, key_id, no_caller_nonce, begin_params,
    495                                       0 /* challenge */, true /* is_begin_operation */));
    496 }
    497 
    498 TEST_F(KeymasterBaseTest, TestBootloaderOnly) {
    499     AuthorizationSet auth_set(AuthorizationSetBuilder()
    500                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
    501                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    502                                   .Authorization(TAG_BOOTLOADER_ONLY));
    503     EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
    504               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    505 
    506     // Pubkey ops allowed.
    507     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set));
    508 }
    509 
    510 TEST_F(KeymasterBaseTest, TestInvalidTag) {
    511     AuthorizationSet auth_set(AuthorizationSetBuilder()
    512                                   .Authorization(TAG_INVALID)
    513                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    514 
    515     EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
    516               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    517 }
    518 
    519 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccess) {
    520     hw_auth_token_t token;
    521     memset(&token, 0, sizeof(token));
    522     token.version = HW_AUTH_TOKEN_VERSION;
    523     token.challenge = 99;
    524     token.user_id = 9;
    525     token.authenticator_id = 0;
    526     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    527     token.timestamp = 0;
    528 
    529     AuthorizationSet auth_set(AuthorizationSetBuilder()
    530                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    531                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    532                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    533 
    534     AuthorizationSet op_params;
    535     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    536 
    537     EXPECT_EQ(KM_ERROR_OK,
    538               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    539                                       false /* is_begin_operation */));
    540 }
    541 
    542 TEST_F(KeymasterBaseTest, TestAuthPerOpInvalidTokenSignature) {
    543     hw_auth_token_t token;
    544     memset(&token, 0, sizeof(token));
    545     token.version = HW_AUTH_TOKEN_VERSION;
    546     token.challenge = 99;
    547     token.user_id = 9;
    548     token.authenticator_id = 0;
    549     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    550     token.timestamp = 0;
    551 
    552     AuthorizationSet auth_set(AuthorizationSetBuilder()
    553                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC)
    554                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    555                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    556                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    557 
    558     AuthorizationSet op_params;
    559     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    560 
    561     kmen.set_report_token_valid(false);
    562     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    563               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    564                                       false /* is_begin_operation */));
    565     // Pubkey ops allowed.
    566     EXPECT_EQ(KM_ERROR_OK,
    567               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    568                                       token.challenge, false /* is_begin_operation */));
    569 }
    570 
    571 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongChallenge) {
    572     hw_auth_token_t token;
    573     memset(&token, 0, sizeof(token));
    574     token.version = HW_AUTH_TOKEN_VERSION;
    575     token.challenge = 99;
    576     token.user_id = 9;
    577     token.authenticator_id = 0;
    578     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    579     token.timestamp = 0;
    580 
    581     AuthorizationSet auth_set(AuthorizationSetBuilder()
    582                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    583                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    584                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    585 
    586     AuthorizationSet op_params;
    587     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    588 
    589     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    590               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    591                                       token.challenge + 1 /* doesn't match token */,
    592                                       false /* is_begin_operation */));
    593 }
    594 
    595 TEST_F(KeymasterBaseTest, TestAuthPerOpNoAuthType) {
    596     hw_auth_token_t token;
    597     memset(&token, 0, sizeof(token));
    598     token.version = HW_AUTH_TOKEN_VERSION;
    599     token.challenge = 99;
    600     token.user_id = 9;
    601     token.authenticator_id = 0;
    602     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    603     token.timestamp = 0;
    604 
    605     AuthorizationSet auth_set(AuthorizationSetBuilder()
    606                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    607                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    608                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    609 
    610     AuthorizationSet op_params;
    611     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    612 
    613     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    614               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    615                                       false /* is_begin_operation */));
    616     // Pubkey ops allowed.
    617     EXPECT_EQ(KM_ERROR_OK,
    618               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    619                                       token.challenge, false /* is_begin_operation */));
    620 }
    621 
    622 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongAuthType) {
    623     hw_auth_token_t token;
    624     memset(&token, 0, sizeof(token));
    625     token.version = HW_AUTH_TOKEN_VERSION;
    626     token.challenge = 99;
    627     token.user_id = 9;
    628     token.authenticator_id = 0;
    629     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    630     token.timestamp = 0;
    631 
    632     AuthorizationSet auth_set(
    633         AuthorizationSetBuilder()
    634             .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    635             .Authorization(TAG_USER_SECURE_ID, token.user_id)
    636             .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_FINGERPRINT /* doesn't match token */)
    637             .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    638 
    639     AuthorizationSet op_params;
    640     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    641 
    642     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    643               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    644                                       false /* is_begin_operation */));
    645     // Pubkey ops allowed.
    646     EXPECT_EQ(KM_ERROR_OK,
    647               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    648                                       token.challenge, false /* is_begin_operation */));
    649 }
    650 
    651 TEST_F(KeymasterBaseTest, TestAuthPerOpWrongSid) {
    652     hw_auth_token_t token;
    653     memset(&token, 0, sizeof(token));
    654     token.version = HW_AUTH_TOKEN_VERSION;
    655     token.challenge = 99;
    656     token.user_id = 9;
    657     token.authenticator_id = 0;
    658     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    659     token.timestamp = 0;
    660 
    661     AuthorizationSet auth_set(
    662         AuthorizationSetBuilder()
    663             .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    664             .Authorization(TAG_USER_SECURE_ID, token.user_id + 1 /* doesn't match token */)
    665             .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    666             .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    667 
    668     AuthorizationSet op_params;
    669     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    670 
    671     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    672               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    673                                       false /* is_begin_operation */));
    674     // Pubkey op allowed.
    675     EXPECT_EQ(KM_ERROR_OK,
    676               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    677                                       token.challenge, false /* is_begin_operation */));
    678 }
    679 
    680 TEST_F(KeymasterBaseTest, TestAuthPerOpSuccessAlternateSid) {
    681     hw_auth_token_t token;
    682     memset(&token, 0, sizeof(token));
    683     token.version = HW_AUTH_TOKEN_VERSION;
    684     token.challenge = 99;
    685     token.user_id = 9;
    686     token.authenticator_id = 10;
    687     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    688     token.timestamp = 0;
    689 
    690     AuthorizationSet auth_set(AuthorizationSetBuilder()
    691                                   .Authorization(TAG_USER_SECURE_ID, token.authenticator_id)
    692                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    693                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    694 
    695     AuthorizationSet op_params;
    696     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    697 
    698     EXPECT_EQ(KM_ERROR_OK,
    699               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    700                                       false /* is_begin_operation */));
    701 }
    702 
    703 TEST_F(KeymasterBaseTest, TestAuthPerOpMissingToken) {
    704     hw_auth_token_t token;
    705     memset(&token, 0, sizeof(token));
    706     token.version = HW_AUTH_TOKEN_VERSION;
    707     token.challenge = 99;
    708     token.user_id = 9;
    709     token.authenticator_id = 0;
    710     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    711     token.timestamp = 0;
    712 
    713     AuthorizationSet auth_set(AuthorizationSetBuilder()
    714                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    715                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    716                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    717                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    718 
    719     AuthorizationSet op_params;
    720 
    721     // During begin we can skip the auth token
    722     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    723                                                    token.challenge, true /* is_begin_operation */));
    724     // Afterwards we must have authentication
    725     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    726               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    727                                       false /* is_begin_operation */));
    728     // Pubkey ops allowed
    729     EXPECT_EQ(KM_ERROR_OK,
    730               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    731                                       token.challenge, false /* is_begin_operation */));
    732 
    733     auth_set.Reinitialize(AuthorizationSetBuilder()
    734                               .Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES)
    735                               .Authorization(TAG_USER_SECURE_ID, token.user_id)
    736                               .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    737                               .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN)
    738                               .build());
    739 
    740     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    741               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    742                                       token.challenge, false /* is_begin_operation */));
    743 }
    744 
    745 TEST_F(KeymasterBaseTest, TestAuthAndNoAuth) {
    746     AuthorizationSet auth_set(AuthorizationSetBuilder()
    747                                   .Authorization(TAG_USER_SECURE_ID, 1)
    748                                   .Authorization(TAG_NO_AUTH_REQUIRED)
    749                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    750 
    751     EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB,
    752               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set));
    753 }
    754 
    755 TEST_F(KeymasterBaseTest, TestTimedAuthSuccess) {
    756     hw_auth_token_t token;
    757     memset(&token, 0, sizeof(token));
    758     token.version = HW_AUTH_TOKEN_VERSION;
    759     token.challenge = 99;
    760     token.user_id = 9;
    761     token.authenticator_id = 0;
    762     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    763     token.timestamp = hton(kmen.current_time());
    764 
    765     AuthorizationSet auth_set(AuthorizationSetBuilder()
    766                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    767                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    768                                   .Authorization(TAG_AUTH_TIMEOUT, 1)
    769                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    770                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    771 
    772     AuthorizationSet op_params;
    773     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    774 
    775     EXPECT_EQ(KM_ERROR_OK,
    776               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    777                                       0 /* irrelevant */, false /* is_begin_operation */));
    778 }
    779 
    780 TEST_F(KeymasterBaseTest, TestTimedAuthTimedOut) {
    781     hw_auth_token_t token;
    782     memset(&token, 0, sizeof(token));
    783     token.version = HW_AUTH_TOKEN_VERSION;
    784     token.challenge = 99;
    785     token.user_id = 9;
    786     token.authenticator_id = 0;
    787     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    788     token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
    789 
    790     AuthorizationSet auth_set(AuthorizationSetBuilder()
    791                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    792                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    793                                   .Authorization(TAG_AUTH_TIMEOUT, 1)
    794                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    795                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    796 
    797     AuthorizationSet op_params;
    798     op_params.push_back(Authorization(TAG_AUTH_TOKEN, &token, sizeof(token)));
    799 
    800     EXPECT_EQ(KM_ERROR_OK,
    801               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    802                                       0 /* irrelevant */, false /* is_begin_operation */));
    803 
    804     kmen.tick(1);
    805 
    806     // token still good
    807     EXPECT_EQ(KM_ERROR_OK,
    808               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    809                                       0 /* irrelevant */, false /* is_begin_operation */));
    810 
    811     kmen.tick(1);
    812 
    813     // token expired, not allowed during begin.
    814     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    815               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    816                                       0 /* irrelevant */, true /* is_begin_operation */));
    817 
    818     // token expired, afterwards it's okay.
    819     EXPECT_EQ(KM_ERROR_OK,
    820               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params,
    821                                       0 /* irrelevant */, false /* is_begin_operation */));
    822 
    823     // Pubkey ops allowed.
    824     EXPECT_EQ(KM_ERROR_OK,
    825               kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    826                                       0 /* irrelevant */, true /* is_begin_operation */));
    827 }
    828 
    829 TEST_F(KeymasterBaseTest, TestTimedAuthMissingToken) {
    830     hw_auth_token_t token;
    831     memset(&token, 0, sizeof(token));
    832     token.version = HW_AUTH_TOKEN_VERSION;
    833     token.challenge = 99;
    834     token.user_id = 9;
    835     token.authenticator_id = 0;
    836     token.authenticator_type = hton(static_cast<uint32_t>(HW_AUTH_PASSWORD));
    837     token.timestamp = hton(static_cast<uint64_t>(kmen.current_time()));
    838 
    839     AuthorizationSet auth_set(AuthorizationSetBuilder()
    840                                   .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
    841                                   .Authorization(TAG_USER_SECURE_ID, token.user_id)
    842                                   .Authorization(TAG_AUTH_TIMEOUT, 1)
    843                                   .Authorization(TAG_USER_AUTH_TYPE, HW_AUTH_ANY)
    844                                   .Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN));
    845 
    846     AuthorizationSet op_params;
    847 
    848     // Unlike auth-per-op, must have the auth token during begin.
    849     EXPECT_EQ(KM_ERROR_KEY_USER_NOT_AUTHENTICATED,
    850               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    851                                       true /* is_begin_operation */));
    852 
    853     // Later we don't check (though begin would fail, so there wouldn't be a later).
    854     EXPECT_EQ(KM_ERROR_OK,
    855               kmen.AuthorizeOperation(KM_PURPOSE_SIGN, key_id, auth_set, op_params, token.challenge,
    856                                       false /* is_begin_operation */));
    857 
    858     // Pubkey ops allowed.
    859     EXPECT_EQ(KM_ERROR_OK, kmen.AuthorizeOperation(KM_PURPOSE_VERIFY, key_id, auth_set, op_params,
    860                                                    token.challenge, true /* is_begin_operation */));
    861 }
    862 
    863 TEST_F(KeymasterBaseTest, TestCreateKeyId) {
    864     keymaster_key_blob_t blob = {reinterpret_cast<const uint8_t*>("foobar"), 6};
    865 
    866     km_id_t key_id = 0;
    867     EXPECT_TRUE(KeymasterEnforcement::CreateKeyId(blob, &key_id));
    868     EXPECT_NE(0U, key_id);
    869 }
    870 
    871 }; /* namespace test */
    872 }; /* namespace keymaster */
    873